|
741
|
7.3 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sq…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8098
|
2026-05-8 06:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
742
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injec…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8097
|
2026-05-8 06:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
743
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-34429. Reason: This candidate is a duplicate of CVE-2026-34429. Notes: All CVE users should reference CVE-2026-344…
New
|
-
|
CVE-2026-44365
|
2026-05-8 06:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
744
|
7.8 |
HIGH
Local
|
-
|
-
|
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value() passes values to Python's configparser without validating for newlines. GitP…
New
|
CWE-94
Code Injection
|
CVE-2026-44244
|
2026-05-8 06:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
745
|
7.7 |
HIGH
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, Helper::sanitizeRemoteUrl() in app/Misc/Helper.php follows HTTP redirects via curlGetLastR…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41905
|
2026-05-8 06:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
746
|
7.1 |
HIGH
Local
|
gitpython_project
|
gitpython
|
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application …
New
|
CWE-22
Path Traversal
|
CVE-2026-44243
|
2026-05-8 06:12 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
747
|
5.3 |
MEDIUM
Network
|
-
|
-
|
ParquetSharp is a .NET library for reading and writing Apache Parquet files. From version 18.1.0 to before version 23.0.0.1, DecimalConverter.ReadDecimal makes a stackalloc using what might be an att…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42241
|
2026-05-8 05:37 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
748
|
- |
|
-
|
-
|
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport (sip_transport_tls) can accept connections with invalid o…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42225
|
2026-05-8 05:36 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
749
|
8.1 |
HIGH
Network
|
-
|
-
|
Budibase is an open-source low-code platform. Prior to version 3.35.10, the budibase:auth cookie containing the JWT session token is set with httpOnly: false at packages/backend-core/src/utils/utils.…
New
|
CWE-1004
Sensitive Cookie Without 'HttpOnly' Flag
|
CVE-2026-42239
|
2026-05-8 05:35 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
750
|
7.6 |
HIGH
Network
|
-
|
-
|
manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. F…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-43510
|
2026-05-8 05:32 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
